Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Indian Common Criteria Certification Scheme (IC3S)
July, 2010
Indian Common Criteria Certification Scheme (IC3S)
July, 2010
CC Project in India
Enable India to become a participating country in CCRA and subsequently to
become a “Producing Nation”
Steps so far:
• India has become a member of CCRA as a “Consuming Nation” in 2005
Government of India notification on empowering
Indian Common Criteria Certification Scheme
Government of India notification on empowering
Directorate” as Common Criteria Certification Body released on 13
December 2007. Indian Certification Body established and
Common Criteria Certification Scheme)
• Pilot CC Test Lab (CCTL) established at STQC IT Services, Kolkata and
ISO 17025 implemented
Enable India to become a participating country in CCRA and subsequently to
India has become a member of CCRA as a “Consuming Nation” in 2005
Government of India notification on empowering “Department of IT, STQC
Indian Common Criteria Certification Scheme- July, 2010 2
Government of India notification on empowering “Department of IT, STQC
as Common Criteria Certification Body released on 13th
December 2007. Indian Certification Body established and IC3S (Indian
Common Criteria Certification Scheme) launched
Pilot CC Test Lab (CCTL) established at STQC IT Services, Kolkata and
CC Project in India
DIT
National
Information
Board
Directive (under Cyber
Security Assurance
Responsibility to
DIT
Pilot Lab
at Kolkata
Other
Commercial
Labs
Security Assurance
program of GOI)
ISO
17025
Indian Common Criteria Certification Scheme
STQC
Responsibility to
CC Certification
Body
ISO
Guide65
STQC
Other
Commercial
Labs
Other
Commercial
Labs
Other
Commercial
Labs
3Indian Common Criteria Certification Scheme- July, 2010
Ministry of Communications and IT
Department of IT
STQC (Standardization Testing & Quality
Certification) Directorate
Test & Calibration Services
(Electro-technical) IT Services
CC Project in India
Quality Testing
Pen-Test
Lab
Security Testing
App. security test
Lab
Indian Common Criteria Certification Scheme
Ministry of Communications and IT
Department of IT
STQC (Standardization Testing & Quality
Certification) DirectorateCertification
Body
IT
Certifications
Certification
ISO 9000, 14000, IECEE CB
CC Test
Lab
Security TestingISO 20000
ITSMS
ISO 27001
ISMSCC/ISO 15408
Cert
4Indian Common Criteria Certification Scheme- July, 2010
About Indian CC Certification Scheme (IC3S
� STQC Certification Body is already accredited by RVA, Netherlands
as per ISO/IEC Guide 65 for different schemes like QMS, EMS, ISMS,
Product Safety and ITSM. These schemes operational for
years.
� Present scope of CC Certification covers Boundary Protection
Devices, Network & network related devices & systems
Common Criteria Standard Version 3.1, R3
Indian Common Criteria Certification Scheme
� Common Criteria Standard Version 3.1, R3
� Evaluation Assurance Levels 1
� Four validators of CB trained by TUViT, Germany on CC validation
� Isolated physical and logical network environment
� Secure storage for documentation
� CC Scheme Portal (https://www.commoncriteria
About Indian CC Certification Scheme (IC3S)
STQC Certification Body is already accredited by RVA, Netherlands
as per ISO/IEC Guide 65 for different schemes like QMS, EMS, ISMS,
Product Safety and ITSM. These schemes operational for last 18
Present scope of CC Certification covers Boundary Protection
Network & network related devices & systems and OSs
Common Criteria Standard Version 3.1, R3
Indian Common Criteria Certification Scheme- July, 2010 5
Common Criteria Standard Version 3.1, R3
Evaluation Assurance Levels 1 - 4
Four validators of CB trained by TUViT, Germany on CC validation
Isolated physical and logical network environment
Secure storage for documentation
https://www.commoncriteria-india.gov.in )
About Indian CC Certification Scheme (IC3S)
� Organization structure defined
� Documentation structure defined
� Scheme documents developed
� Process defined
� Periodic technical reviews conducted
� CC scheme responsibilities defined
Indian Common Criteria Certification Scheme
About Indian CC Certification Scheme (IC3S)
Organization structure defined
Documentation structure defined
Scheme documents developed
Periodic technical reviews conducted
CC scheme responsibilities defined
Indian Common Criteria Certification Scheme- July, 2010 6
CCTL overseeing by the scheme
� Compliance with ISO 17025
� Isolation of CCTL
� Secure repository and communication (with Developer and Certification body)
� Documented Project Planning and close monitoring the same
Systematic evaluation of documents� Systematic evaluation of documents
� Ensuring repeatability and reproducibilityresults for document evaluation.
� Ensuring traceability of evaluation to CEM work units
� Use of validated tools for Testing
� Comprehensive Testing of the TOE
� Guidance issued
Indian Common Criteria Certification Scheme
CCTL overseeing by the scheme – some insight
Secure repository and communication (with Developer and
Documented Project Planning and close monitoring the same
Systematic evaluation of documentsSystematic evaluation of documents
reproducibility of the evaluation results for document evaluation.
of evaluation to CEM work units
Use of validated tools for Testing
Comprehensive Testing of the TOE
Indian Common Criteria Certification Scheme- July, 2010 7
Guidance on evaluation of Cryptography
Problem:
� The inherent qualities of cryptographic algorithms is not covered in the CC
� Some developers have integrated OpenSSLhave written codes for themselves
� In both the cases Certification Body needs to ensure that Common Criteria Testing Lab, verifies the std. crypto algorithms are correctly implemented in TOE
� Also Certification Body needs to verify correctness of implementation of standard cryptographic mechanism in TOE
Indian Common Criteria Certification Scheme
Guidance:• Include FIPS Certified OpenSSL
encryption tool.• Adopt following documents as guidance for verification of
cryptographic implementation (in the TOE)� OpenSSL FIPS 140-2 User guide� AESAVS� RSAVS� SHAVS
• Use NIST published test vectors for AES, RSA,SHAcryptographic implementation under test
Guidance on evaluation of Cryptography
The inherent qualities of cryptographic algorithms is not covered in the CC
package in their product while others
In both the cases Certification Body needs to ensure that Common Criteria Testing Lab, verifies the std. crypto algorithms are correctly implemented in TOE
Also Certification Body needs to verify correctness of implementation of standard
8Indian Common Criteria Certification Scheme- July, 2010
OpenSSL object Module as standard reference
Adopt following documents as guidance for verification of cryptographic implementation (in the TOE)
2 User guide
Use NIST published test vectors for AES, RSA,SHA-1 to verify the cryptographic implementation under test
Guidance on Document evaluationD
ev
iati
on
fro
m C
C r
eq
uir
em
en
ts
Maturity of the document
Stage 0 Stage 1 Stage 2
De
via
tio
n f
rom
CC
re
qu
ire
me
nts
OR issued & addressed by the developer
Gen. comments
issued
Stage 0: Broadly addresses the requirements of CC
Stage 1:Reviewed by CCTL and OR issued
Stage 2:OR comments addressed by Developer
Stage 3: Ready for SER
Stage 4: Almost final , waiting to take care dependencies
Indian Common Criteria Certification Scheme
Guidance on Document evaluation
Stage 2 Stage 3 Stage 4
SER issued
OR issued & addressed by the developer
Stage 0: Broadly addresses the requirements of CC
Stage 1:Reviewed by CCTL and OR issued
Stage 2:OR comments addressed by Developer
Stage 3: Ready for SER
Stage 4: Almost final , waiting to take care dependencies
9Indian Common Criteria Certification Scheme- July, 2010
Pilot CCTL, Kolkata
Indian Common Criteria Certification Scheme 10Indian Common Criteria Certification Scheme- July, 2010
Status of the Pilot evaluation projects
Sl.
No
Product Type Target
EAL
Developer/Spo
nsor
1 Operating
System (BOSS)
EAL4 CDAC, India
2 SSL –VPN
appliance
EAL2 NeoAccel,
India
3 UTM (Firewall) EAL 4 Elitecore
Software, Software,
India
4 3Com , Router EAL 2 3 Com, India
5 SCOSTA, Smart
Card OS
EAL4 Eagle Software,
India
6 Cyber Check
suite, Cyber
Forensic tool
EAL2 CDAC, India
Indian Common Criteria Certification Scheme
Status of the Pilot evaluation projects
Developer/Spo Status PDC
CDAC, India Phase-II
(SER review, Testing
completed)
Nov 2010
Phase-II
(Docs. Review & Testing)
Nov 2010
Phase-II
(Docs. Review & Testing)
Nov 2010
(Docs. Review & Testing)
3 Com, India Phase-III ETR received
Eagle Software, Not Progressing after
application for Evaluation
??
CDAC, India Kick-off meeting
conducted
??
11Indian Common Criteria Certification Scheme- July, 2010
Contact persons
Dr. Gulshan Rai,
Director General (STQC)
Indian Common Criteria Certification Scheme
Arvind Kumar
Head CC Certification Body
Mrs. Mitali Chatterjee
Project Director, CC Project
Indian Common Criteria Certification Scheme- July, 2010 12
Subhendu Das
Head, CCTL
Thank youThank you
Indian CC Cert. Scheme (IC3S) : Organization Structure
Chairman
AdvisoryBoard (AB)
Management Committee (MC)
Management Functions
Indian Common Criteria Certification Scheme
Committee (MC)
Technical Advisory Committee (TAC)
MROperations Personnel
Executive functions
Decision Functions
Indian CC Cert. Scheme (IC3S) : Organization Structure
Chairman
AdvisoryBoard (AB)
Management Committee (MC)
Indian Common Criteria Certification Scheme- July, 2010 14
Committee (MC)
CEO
Certification Review
Committee
Operations Personnel
Specialists
ValidatorsAssessors/Specialists
Indian CC Cert. Scheme (IC3S) : Documentation Structure
Common Docs
IT CERT PROCEDURESP01, P02, P03, P04, P05, P06, P07, P08, P09, P10,
IT CERT DOCUMENTSD01, D02, D03, D04, D05, D06, D07, D08, D09
F01, F02, F03, F04, F05, F06
Indian Common Criteria Certification Scheme
Scheme Specific Docs
CC Form
F01, F02
F03, F04
F05, F06
F07, F08
F09, F10
F11, F12
F13, F14
F15
CC Doc
D01
D02
D03
CC Procedure
P01
P02
P03
P04
P05
P06
P07
CC Guides
G01
CC Scheme STQC/CC/01
Indian CC Cert. Scheme (IC3S) : Documentation Structure
IT CERT PROCEDURESP01, P02, P03, P04, P05, P06, P07, P08, P09, P10,
IT CERT DOCUMENTSD01, D02, D03, D04, D05, D06, D07, D08, D09
IT CERT FORMSF01, F02, F03, F04, F05, F06
Indian Common Criteria Certification Scheme- July, 2010 15
IT CERT/D01IT MANUAL
CC Guides
G01
Other Scheme Specific Manual ( ISO 27001, ISO 20000 )
Indian CC Cert. Scheme(IC3S) : List of documents
S.No. Description
01. CC Scheme Organization Management
and Operation
02. Standard Operating Procedure for
Certification Body
03. Guidelines for Laboratories Operating
under CC Scheme
04. Requirements for Testing Laboratories
Approval under CC Scheme.
Indian Common Criteria Certification Scheme
Approval under CC Scheme.
05. Charges for CC Certification
06. Guidance to Applicants(Sponsors/ Developers)
07. Appeals Procedure
08. Tech. Overview and Certification Procedure
09. Common Criteria Certificate
10. Common Criteria Certificate Maintenance Program
Indian CC Cert. Scheme(IC3S) : List of documents
Doc. No. Version
STQC/CCDO1 Ver. 1.0
STQC/CC/DO2 Ver. 1.0
STQC/CC/DO3 Ver. 1.0
STQC/CC/DO4 Ver. 1.0
Indian Common Criteria Certification Scheme- July, 2010 16
STQC/CC/DO5 Ver. 1.0
Guidance to Applicants(Sponsors/ Developers) STQC/CC/DO6 Ver. 1.0
STQC/CC/DO7 Ver. 1.0
Tech. Overview and Certification Procedure STQC/CC/DO8 Ver. 1.0
STQC/CC/DO9 Ver. 1.0
Common Criteria Certificate Maintenance Program STQC/CC/DO10 Ver. 1.0
Sponsor/Developer submits ST & confirms delivery of associated
inputs to CCTL for Evaluation
CCTL prepares Evaluation Work Plan & Evaluation Schedule
Sponsor & CCTL submit the following to Certificates Body
-ST and description of ToE
-Evaluation Plan
-Evaluation Schedule
Indian CC Cert. Scheme (IC3S) : Certification Process
Indian Common Criteria Certification Scheme
Review by Certification Body in kick-off meeting with CCTL and
Sponsor/ Developer finalization of certification work programme.
Certification Body accepts the Evaluation under the Scheme with
proper Application & other formalities.
Certification Body appoints validators to the Evaluation Project &
authorizes CCTL to proceed.
CCTL conducts evaluation of ToE as per ST based on CC standards
and perform site visit under review by validators.
Single Evaluation Reports are reviewed by the validators associated
with project.
CCTL submits ETR after review by validators to CB
Validators prepares final Validation Report
Indian CC Cert. Scheme (IC3S) : Certification Process
Indian Common Criteria Certification Scheme- July, 2010 17
Technical Review Committee scrutinizes the Validation Report &
recommend for certification
CB published the final validation report & issue the CC certificate
Phase – I = Preparation for Evaluation
Phase – II = Conduct of Evaluation
Phase – III = Conclusion / Certification
Phase -III
Indian CC Cert. Scheme(IC3S) :
Technical review is the general process employed by the
Certification Body to ensure that the evaluation and
certification activities under the scheme are being conducted
� In accordance with the requirements of
standards
� Following Common Evaluation Methodology
Accordance with specific requirements of CCRA
Indian Common Criteria Certification Scheme
� Accordance with specific requirements of CCRA
� Following scheme-specific policies and procedures
Indian CC Cert. Scheme(IC3S) : Technical Review
Technical review is the general process employed by the
Certification Body to ensure that the evaluation and
certification activities under the scheme are being conducted
In accordance with the requirements of Common Criteria
Following Common Evaluation Methodology
Accordance with specific requirements of CCRA
Indian Common Criteria Certification Scheme- July, 2010 18
Accordance with specific requirements of CCRA
specific policies and procedures
Responsibilities of Certification Body with respect to IC3S
� Establish and enforce policy and procedures for the operation of the scheme
� Make necessary information available to the public
� Encourage and approve CCTL participation in the scheme� Monitor the performance of participating CCTLs
� Remove a CCTL from the STQC Approved Laboratories List if the laboratory fails to meet the terms and conditions of the scheme
� Notify the community of any changes to the status of STQC Approved CC Laboratories
� Protect sensitive or proprietary information relating to IT products or protection profiles under evaluation
� Provide advice, guidance, support, and standards for training to CCTLs as required
Indian Common Criteria Certification Scheme
� Provide advice, guidance, support, and standards for training to CCTLs as required
� Review evaluation technical reports from CCTLs to ensure that the conclusions are consistent with the evidence presented and that the CC and CEM are correctly applied
� Seek guidance from industry experts, if required
� Publish publicly-releasable certification reports and issue CC certificates on successful completion of evaluation
� Publish periodically a validated products list
� Ensure logos and marks are appropriately placed on CC certificates or any other documents requiring such identification
� Arbitrate disputes arising in the context of the scheme
� Approve press releases or similar statements relating to the scheme
� Ensure consistency of CCTL evaluations across the scheme
Responsibilities of Certification Body with respect to IC3S
Establish and enforce policy and procedures for the operation of the scheme
Make necessary information available to the public
Encourage and approve CCTL participation in the schemeMonitor the performance of participating CCTLs
Remove a CCTL from the STQC Approved Laboratories List if the laboratory fails to meet the
Notify the community of any changes to the status of STQC Approved CC Laboratories
Protect sensitive or proprietary information relating to IT products or protection profiles under
Provide advice, guidance, support, and standards for training to CCTLs as required
Indian Common Criteria Certification Scheme- July, 2010 19
Provide advice, guidance, support, and standards for training to CCTLs as required
Review evaluation technical reports from CCTLs to ensure that the conclusions are consistent with the evidence presented and that the CC and CEM are correctly applied
Seek guidance from industry experts, if required
releasable certification reports and issue CC certificates on successful
Publish periodically a validated products list
Ensure logos and marks are appropriately placed on CC certificates or any other documents
Arbitrate disputes arising in the context of the scheme
Approve press releases or similar statements relating to the scheme
Ensure consistency of CCTL evaluations across the scheme
Requirement : Compliance with ISO 17025 and CC Standard Specifically following issues checked:• Knowledge of CC evaluators• Ensuring repeatability and reproducibility of the evaluation results for document evaluation.• Addressing the requirement of traceability of measurement (= evaluation)
CCTL response to meet the requirements• 12 Evaluators trained by TUViT, Germany. Currently, 4 evaluators with appropriate domain and CC Standard knowledge are working in CCTL Kolkata
• STQC IT Services, Kolkata is accredited by A2LA (American Association for Laboratory Accreditation) as per ISO 17025 for Software & Systems Conformance Testing and Accreditation) as per ISO 17025 for Software & Systems Conformance Testing and Security Testing. CCTL is a part of STQC IT Services, Kolkata.
• Requirements of both CC (or ISO 15408) and ISO 17025 have been addressed in lab specific operational procedure [OP-
• Technical requirements ISO 17025 (5.X) have been mapped with CCTL procedure & QMS docs.
• Design of ‘work sheets’ against each required work units of Common Evaluation Methodology [CEM, ver. 3.1] and the evaluators are required to capture their observation in the work sheet
• Work units of Common Evaluation Methodology is the reference traceable points for all evaluation activities
Indian Common Criteria Certification Scheme
Requirement : Compliance with ISO 17025 and CC Standard
of the evaluation results for document
of measurement (= evaluation)
CCTL response to meet the requirements, Germany. Currently, 4 evaluators with appropriate
domain and CC Standard knowledge are working in CCTL Kolkataaccredited by A2LA (American Association for Laboratory
Accreditation) as per ISO 17025 for Software & Systems Conformance Testing and Accreditation) as per ISO 17025 for Software & Systems Conformance Testing and CCTL is a part of STQC IT Services, Kolkata.
Requirements of both CC (or ISO 15408) and ISO 17025 have been addressed in lab 07(CC EAL 4)]
Technical requirements ISO 17025 (5.X) have been mapped with CCTL procedure &
’ against each required work units of Common Evaluation Methodology [CEM, ver. 3.1] and the evaluators are required to capture their
Work units of Common Evaluation Methodology is the reference traceable points for all
20Indian Common Criteria Certification Scheme- July, 2010
INTERNET
Leased lineCERT-IN Firewall
CERT
DMZ
ASA
Requirement : Isolation of CCTL
• Requirement for physical and logical isolation from rest of the laboratory
• CCTL members need access to general laboratory resources like eInternet, QA portal, fileserver, update services etc
• Developers require to submit their documents to CCTL securely
• CCTL requires to communicate evaluation results securely.
Broad Band
BB-23675114
BB-23679825
192.168.100.X
(dynamic)
Knowledge Hub
Indian Common Criteria Certification Scheme
Pen test Firewall
CERT-IN Test Bed
Security Testing
eGCA FW
eGCA
Desktops
Requirement for physical and logical isolation from rest of the laboratory
CCTL members need access to general laboratory resources like e-mail, Internet, QA portal, fileserver, update services etc
Developers require to submit their documents to CCTL securely
CCTL requires to communicate evaluation results securely.
IT Services Servers
192.168.100.X
Slim FW
CCFW
CCTL
SLIM
CCTL DMZ
21Indian Common Criteria Certification Scheme- July, 2010
INTERNET
Leased line
CERT-IN Firewall
CERT
DMZ
ASA
CCTL response to meet the requirements
Broad Band
BB-23675114
BB-23679825
192.168.100.X
(dynamic)
Knowledge Hub
Indian Common Criteria Certification Scheme
Pen test Firewall
CERT-IN Test Bed
Security Testing
eGCA FW
eGCA
Desktops
CCTL response to meet the requirements
IT Services Servers
192.168.100.X
Slim FW
CCFW
CCTL
SLIM
CCTL DMZ
22Indian Common Criteria Certification Scheme- July, 2010
Requirement : Secure repository and communication
• Project wise isolated repositories required for evaluation evidences• Means of secure communication (not email)• Developers need to exchange big files with CCTL• Isolation between Developer’s, CCTL’s and Validator’s document
repositories required• Safe custody of developer’s proprietary documents required
CCTL response to meet the requirementsCCTL response to meet the requirements
• Two document repositories with CM capability- Internal repository (SVN server) at CCTL LAN- External repository (SVN server) at CCTL DMZ
• Separate repositories for the projects with proper access control• External repository like a ‘Airport Runway’• All communication through SVN servers only• Secure communication with developer• Secure communication with
Indian Common Criteria Certification Scheme
Requirement : Secure repository and communication
Project wise isolated repositories required for evaluation evidencesMeans of secure communication (not email)Developers need to exchange big files with CCTLIsolation between Developer’s, CCTL’s and Validator’s document
Safe custody of developer’s proprietary documents required
CCTL response to meet the requirementsCCTL response to meet the requirements
Two document repositories with CM capabilityInternal repository (SVN server) at CCTL LANExternal repository (SVN server) at CCTL DMZ
Separate repositories for the projects with proper access controlExternal repository like a ‘Airport Runway’All communication through SVN servers onlySecure communication with developerSecure communication with validator
23Indian Common Criteria Certification Scheme- July, 2010
CCTL Repositories
Indian Common Criteria Certification Scheme
Internal repository at CCTL LAN
24Indian Common Criteria Certification Scheme- July, 2010
External repository at DMZ
Communication with developer
Before docs
Qualifies for
stage 0
Text
Ext. SVN
Server
After Stage 0
Evaluator
WSsOR
Ext. SVN
Server
Indian Common Criteria Certification Scheme
Communication with developer
Text
Ext. SVN
Server
Developer
OR
CCTL boundary
Ext. SVN
Server
25Indian Common Criteria Certification Scheme- July, 2010
Communication with validator
WSs
OR Ext. SVN Server
SER
CCTL boundary
Evaluator
Ext. SVN Server
Indian Common Criteria Certification Scheme
Ext. SVN Server
Validator’s Comments.
CCTL boundary
Validator
Ext. SVN Server
26Indian Common Criteria Certification Scheme- July, 2010
Tools used by CCTL for Common Criteria Testing by CCTL Kolkata
Sl. No.
Name of the tool Purpose
1 Wireshark, ver1.0.3 For sniffing the network traffic for within IP packet
2 MD5 Sums,(GNU Coreutils) ver 5.97
For generation of file digest,Integrity of file (source code)
3 OpenSSL-FIPS-Object Module V 1.2
Standardof crypto modules in the TOEModule V 1.2 of crypto modules in the TOE
4 Random Password Generator
For generation of random passwordswith defined complexity
5 WinMerge ver 2.10.4.0 For comparison of file
6 Fluke Optiview, series III
For analysis of network traffic
7 NIST approved Test tool for PRNG
For assessing
8 Nessus General
Indian Common Criteria Certification Scheme
Tools used by CCTL for Common Criteria Testing by CCTL Kolkata
Purpose
For sniffing the network traffic for deep analysis within IP packet
For generation of file digest, used for ensuring the Integrity of file (source code)
Standard Cryptographic package used for verification of crypto modules in the TOEof crypto modules in the TOE
For generation of random passwords of length 8 bit with defined complexity
For comparison of file
For analysis of network traffic
For assessing randomness of a set of data
vulnerability scanner for first step for VA
27Indian Common Criteria Certification Scheme- July, 2010
CC Evaluation Project typical time line
Kick off Meeting
ST (ASE)
Functional specification(ADV_FSP)
Architecture & Design(ADV_ARC/ADV_TDS )
Implementation Representation(ADV_IMP)
Testing (ATE_COV/ATE_DPT/ATE_FUN)
Time
Life Cycle (ALC_*)
Guidance Docs(AGD_PRE/AGD_OPE)
1M 3M2M
Indian Common Criteria Certification Scheme
CC Evaluation Project typical time line
Implementation Representation(ADV_IMP)
Testing (ATE_COV/ATE_DPT/ATE_FUN)
Time
Life Cycle (ALC_*)
Evaluation Technical Report (ETR)
Guidance Docs(AGD_PRE/AGD_OPE)
Independent Testing (ATE_IND)
Vulnerability Assessment(AVA_VAN)
4M 5M 6M 7M 8M 9M
28Indian Common Criteria Certification Scheme- July, 2010
Document evaluationD
ev
iati
on
fro
m C
C r
eq
uir
em
en
ts
Maturity of the document
Stage 0 Stage 1 Stage 2
De
via
tio
n f
rom
CC
re
qu
ire
me
nts
OR issued & addressed by the developer
Gen. comments
issued
Stage 0: Broadly addresses the requirements of CC
Stage 1:Reviewed by CCTL and OR issued
Stage 2:OR comments addressed by Developer
Stage 3: Ready for SER
Stage 4: Almost final , waiting to take care dependencies
Indian Common Criteria Certification Scheme
Document evaluation
Stage 2 Stage 3 Stage 4
SER issued
OR issued & addressed by the developer
Stage 0: Broadly addresses the requirements of CC
Stage 1:Reviewed by CCTL and OR issued
Stage 2:OR comments addressed by Developer
Stage 3: Ready for SER
Stage 4: Almost final , waiting to take care dependencies
29Indian Common Criteria Certification Scheme- July, 2010